DISA updates draft cloud security guidelines
- By Mark Pomerleau
- Jul 31, 2015
As the Department of Defense looks to move more resources to the cloud, the Defense Information Systems Agency has updated its draft guidance on cloud security.
The first of three revised documents is an updated version of the Department of Defense Cloud Computing Security Requirements Guide, which “outlines the security model by which DOD will leverage cloud computing along with the security controls and additional requirements necessary for using cloud-based solutions.”
The next document, a cloud access point (CAP) functional requirements document, identifies the security, network and performance considerations for protecting the Department of Defense Information Network where it meets the cloud service environment. CAPs are designed to detect and prevent an attack before it reaches the DODIN and to provide perimeter defenses and sensing for applications hosted in the commercial cloud service.
The third document, a draft concept of operations, defines procedures for the organizations that will defend DODIN in the cloud.
All three drafts are available for community review; comments are due by Aug. 22.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.